Tutorial: Creating a CUmulus instance


Learning Objectives:


Part 1: Logging in to CUmulus via Horizon


Horizon is the CUmulus web portal, hosted at https://cumulus.rc.colorado.edu. Let’s take a brief tour of Horizon.

Log in with your institution’s credentials:

Navigate to https://cumulus.rc.colorado.edu and authenticate using your insitution’s credentials (e.g., University of Colorado Boulder)

../_images/login3.png




Part 2: Instance Creation


Instance creation: Launch a new instance

Instances are virtual machines that run inside the cloud, more simply: an instance is just a digital version of a physical computer.

  • Instances can perform almost all of the same functions as a computer, including running applications and operating systems.

Do the following:

  1. Select a project
  2. Navigate to “Compute”
  3. Select “Instances”
  4. click “Launch Instance” to begin creating your virtual machine.

../_images/navigate_to_instances1.png

Instance creation: Details

The first instance creation screen is entiled Details:

../_images/instance_details1.png

  • Fill out the instance name and description
    • availability zone and count can be left as default. This value is set to the availability zone given by the cloud provider (for example, us-west or apac-south).
  • click Next when done to go to the Source screen.

Instance creation: Source

Next, we’ll select our boot source. We’re starting a new instance from scratch here so we’ll boot from a source OS image.

../_images/instance_source1.png

  • Choose an operating system from the list of images CURC provides (in this example we pick Ubuntu 18.04)
  • Choose a storage volume size
    • For this tutorial, choose 4 GB
    • Choosing an image will auto-populate the size, warning you if it is too small
  • Choose to have your storage volume deleted on Instance Deletion
    • If you select No be aware “zombie” volumes will remain when the instance is deleted (you will need to remove them manually later!)
  • click Next when done to go to the Flavor screen.

Instance creation: Flavor

A flavor defines the compute, memory, and storage capacity of our instance.

../_images/instance_flavor1.png

  • Choose the most appropriate sizing for your use case from a list of pre-selected resources
    • For this tutorial, select the smallest size
  • click Next when done to go to the Networks screen.

Instance creation: Networks & Network Ports

../_images/instance_networks1.png

  • Select a project network, which determines routability of either a public/internet (26140) or campus/internal (1840) floating IP.
    • For this tutorial we’ll choose an external network, 26140
  • click Next when done to go to the Ports screen.
    • Ports provide extra communication channels to your instances.
    • You can select ports instead of networks or a mix of both.
  • click Next when done to go to the Security Groups screen.

Instance creation: Security Groups

../_images/instance_security_groups1.png

  • Security Groups act as a virtual firewall for your instance to control inbound and outbound traffic.
    • Choose ssh-restricted, http, and https for this tutorial
  • click Next when done to go to the Key Pair screen.

Instance creation: Key Pair

../_images/instance_keypair1.png

  • A key pair allows you to SSH into your new instance.
  • You may select an existing key pair, import a key pair, or generate a new key pair.
    • Tip: it is often easiest to create a keypair in a terminal on your local machine and import it: https://www.ssh.com/academy/ssh/public-key-authentication
  • click Next when done to go to the Configuration screen.

An aside on SSH keypairs: SSH keys are an access credential that is used in the SSH protocol and they are foundational to modern Infrastructure-as-a-Service platforms. Public key authentication provides cryptographic strength that even extremely long passwords can not offer. With SSH, public key authentication improves security considerably as it frees the users from remembering complicated passwords (or worse yet, writing them down).

They can be tricky to set up for new users however, so we’ll go over a simple example here. From your terminal in a local machine use the ssh-keygen command to create a new ssh keypair (you can specify cryptographic algorithm, in this case we’ll use the Ed25519 algorithm):

$ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/username/.ssh/id_ed25519):

Here you can specify the full path/name of the keypair files and even set a extra passwords. We’ll press enter twice for the no passphrase option. Our new keypairs have been created at /home/username/.ssh/ and are called id_ed25519 and id_ed25519.pub. The public key (.pub) can be transferred to other remote servers (this is the key we will import to our CUmulus instance) but the private key (no suffix) should never leave the host machine.


Instance creation: Configuration, Server Group, Scheduler Hints, and Metadata

../_images/instance_config1.png

  • For the remaining screens – Configuration, Server Group, Scheduler Hints, and Metadata – leave these as defaults, as they are extra, optional configuration for the instances.

Instance creation: Launch Instance and Associate IP

  • Finally you can click Launch instance!
    • the instance will take a few minutes to finish provisioning.
  • You can now associate a Floating IP to enable access to the instance from outside of the CU network.
    • On the right hand side of the newly created instance choose Associate Floating IP under the Actions dropdown

../_images/instance_ip11.png

  • Now select from available IP addresses if needed (e.g., if you’ll be adding a web portal to your instance)
  • The Select port to be associated option should already be pre-populated with the internal IP of your new instance

../_images/instance_ip21.png


Part 3: Logging into your Instance


At a minimum, you’ll need to login to your instance via ssh to install the software you’ll be using. Other reasons to login to the instance may be to stop or start services, associate a domain name with your IP, run your software, troubleshoot problems, etc. You are essentially the “system administrator” of your own instance.

  • To login to an instance via ssh, you must be on CU VPN to connect (this is CURC restriction)
  • Open up an ssh connection providing the identity (key) file that you associated with the instance in the Key Pair step covered earlier:
$ ssh -i ~/.ssh/<private key> <hostname>@<external floating IP>
  • Note that hostname will be “ubuntu” for Ubuntu instances, “centos” for Centos instances, etc.
    • For example, for an ubuntu instance your ssh command may look something like this:
$ ssh -i ~/.ssh/testkey ubuntu@123.456.789.123

Congratulations! You are now logged into your instance!

  • You can now:
    • Install Software
    • Administer your instance
    • Run applications and jobs
  • If you need to perform actions as the root (administrative) user, once logged in you can “sudo” to the root account as follows:
$ sudo su - root

or run a command with the sudo prefix.


Additional Information


This work has been funded in part by the National Science Foundation under grant OAC-1925766